Palo Alto Networks Certified Strata Field Engineer (PCSFE) — Question 99
Why are containers uniquely suitable for runtime security based on allow lists?
Answer options
- A. Containers have only a few defined processes that should ever be executed.
- B. Developers define the processes used in containers within the Dockerfile.
- C. Docker has a built-in runtime analysis capability to aid in allow listing.
- D. Operations teams know which processes are used within a container.
Correct answer: B
Explanation
The correct answer is B because developers explicitly define, within the Dockerfile, the processes that can run in a container, enabling precise control for security. Option A is incorrect as it doesn't highlight the developer's role in defining processes. Option C is wrong since Docker does not primarily focus on built-in runtime security analysis for allow listing. Option D, while true about operations teams, does not address the process definition aspect that is crucial for allow listing.